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The MAILING DATE of this communication appears on the cover sheet with the correspondence address ■ 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period wilt apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply wilt, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication^) filed on . 

2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 1-28 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1-28 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) [3 The drawing(s) filed on 29 September 2000 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



If a copy of a provisional application listed on the bottom portion of the accompanying 
Notice of References Cited (PTO-892) form is not included with this Office action and the PTO- 
892 has been annotated to indicate that the copy was not readily available, it is because the copy 
could not be readily obtained when the Office action was mailed. Should applicant desire a copy 
of such a provisional application, applicant should promptly request the copy from the Office of 
Public Records (OPR) in accordance with 37 CFR 1.14(a)(l)(iv), paying the required fee under 
37 CFR 1. 19(b)(1). If a copy is ordered from OPR, the shortened statutory period for reply to 
this Office action will not be reset under MPEP § 710.06 unless applicant can demonstrate a 
substantial delay by the Office in fulfilling the order for the copy of the provisional application. 
Where the applicant has been notified on the PTO-892 that a copy of the provisional application 
is not readily available, the provision of MPEP § 707.05(a) that a copy of the cited reference will 
be automatically furnished without charge does not apply. 



The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 1-28 are rejected under 35 U.S.C. 102(e) as being anticipated by Jablon 



Claim Rejections - 35 USC § 102 



(US2002/0067832 Al). 
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With respect to Claim 1, the limitation of "dividing the password into a plurality of pieces" 
on paragraph 20; and "storing pieces of the password on a different one of a plurality of servers, each 
of the plurality of servers being independent from others of the plurality of servers" on paragraph 21; 
and "separately authenticating a user at each of the plurality of servers, each of the plurality of 
servers transmitting the piece of the password stored at the respective server to the user when the 
authentication at that server is successful" on paragraph 92; and "assembling the password from the 
password pieces transmitted from the plurality of servers" is met on paragraph 63. 

With respect to Claim 2, 7, 18 and 22, the limitation of "wherein the password is a private 
key in a public/private key pair" is met on paragraph 82. 

With respect to Claim 3, the limitation of "wherein a second password is used to authenticate 
the user at each of the plurality of servers, the second password being a weak password" is met on 
paragraph 280 and 282. In the reference the weak password is represented by the PIN code. 

With respect to Claim 4, the limitation of "wherein each of the pieces of the password are 
encrypted before being stored on each of the servers, encryption keys for the encryption of the 
password pieces being derived from the second password" is met on paragraphs 280 and 282. 

With respect to Claim 5, the limitation of "wherein all but one of the pieces of the password 
are stored at the plurality of servers and one piece of the password is stored at a computer local to the 
user" is met on paragraph 2 1 . 
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With respect to Claim 6 and 21 the limitation of "receiving an encrypted portion of the password, 
the encrypted portion of the password comprising less than the entire password storing the encrypted 
portion of the password with information identifying a user of the encrypted portion of the password" is 
met on paragraph 82; and "receiving a request for the encrypted portion of the password, the request 
including the identification information" is met on paragraph 83; and "returning the encrypted portion of 
the password to the user when the identification information in the request matches the stored 
identification information" is met on paragraphs 83 and 85. 

With respect to Claim 8, 19, 23, the limitation of "wherein the received encrypted portion of the 
password is encrypted based on a symmetric encryption of the portion of the password using a key based 
on a second 'password, the second password being a weak password" is met on paragraph 82. 

With respect to Claim 9, 20, 24, the limitation of "wherein the information identifying the user of 
the encrypted portion of the password is based on the second password" is met on paragraphs 280-283. 

With respect to Claim 10, the limitation of "entering a second password of the user; and 
authenticating the user at each of a plurality of servers based on the second password, the plurality of 
servers being independent from one another" is met on paragraph 282; and "receiving an encrypted 
version of a portion of the first password from each of the plurality of servers at which the 
authentication was successful, each of the portions of the first password containing less than the 
entire password decrypting the received encrypted portions of the first password using encryption 
keys based on the second password" is met on paragraph 283; and "assembling the first password 
from the decrypted portions" is met inherently on paragraph 283. 
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With respect to Claim 1 1 and 26, the limitation of "wherein the first password is a strong 
user password" is met on paragraph 79. 

With respect to Claim 12 and 27, the limitation of "wherein the first password is a private 
key in a public/private key pair" is met on paragraph 82. 

With respect to Claim 13 and 28, the limitation of "wherein the second password is a weak 
password" is met on paragraph 280 and 282. 

With respect to Claim 14, the limitation of "transmitting each of portions of a password 
entered by the user and divided into a plurality of pieces to corresponding ones of a plurality of 
remote servers, each of the plurality of remote servers being independent from others of the plurality of 
remote servers, and each of the servers heaving a respective piece of the password pre-registered with the 
server" is met on paragraph 82; and "comparing the transmitted pieces of the password to the 
pre-registered versions of the password at the plurality of servers" is met on paragraph 83-85; and 
"generating an authentication accept message at each of the plurality of servers at which the 
pre-registered version of the piece of the password matches the transmitted portions of the password" on 
paragraph 86; and "authenticating the user when the authentication accept message is generated for all of 
the pieces of the password at the plurality of servers" is met on paragraph 86-87. 

With respect to Claim 15, the limitation of "wherein a piece of the password is pre-registered at a 
computer local to the user and the authentication accept message is generated by the computer local to the 
user when the pre-registered piece of the password at the computer local to the user matches a 
corresponding piece of the password entered by the user" is met on paragraph 85-86. 
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With respect to Claim 16, the limitation "wherein the authentication accept messages are received 
and accepted at a content server remote from the user" is met inherently on paragraph 86. 

With respect to Claim 17, the limitation of "a computer memory" is met inherently on paragraph 
63; and "a processor coupled to the computer memory, the processor" inherently on paragraph 63. The 
limitation of "the processor receiving an encrypted portion of a password, the encrypted portion of the 
password comprising less than the entire password; storing the encrypted portion of the password with 
information identifying a user of the encrypted portion of the password; receiving a request for the 
encrypted portion of the password, the request including the identification information; and returning the 
encrypted portion of the password to the user when the identification information in the request matches 
the stored identification information" is similar to Claim 6 limitation and hence its rejection can be found 
therein. 

The limitation of "wherein the computer server is independent of other computer servers storing 
other portions of the password" is met on Fig. 1 . 

With respect to Claim 25, the limitation of "receiving a second password entered by the user" is 
met on paragraph 280; and "authenticating the user at each of a plurality of servers based on the second 
password, the plurality of servers being independent from one another" is met on paragraph 280 and 282; 
and "receiving an encrypted version of a portion of the first password from each of the plurality of servers 
at which the authentication was successful, each of the portions of the first password containing less than 
the entire password" is met on paragraph 283; and "decrypting the received encrypted portions of the first 
password using encryption keys based on the second password" is met on paragraph 283; and 
"assembling the first password from the decrypted portions" is inherently on paragraph 283. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tracey Akpati whose telephone number is 703-305-7820. The 
examiner can normally be reached on 8.30am-6.00pm 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703-305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



